Trust CMCC for accurate information on AB 506

AB 506 was legislation enacted in late 2021 and signed by the Governor in response to the myriad incidents of child sexual abuse revealed by a number of high-profile female athletes who came forward to testify before Congress and in courtrooms about the coaches, trainers, and doctors who had molested them . . . in some cases, years earlier. The purpose behind the law is, obviously, laudable. Unfortunately, the legislation itself is vague, sometimes ambiguous, and sweeps a broad brushstroke across all manner of “Youth Services Organizations” that may not have been the author’s real intent. The law became effective January 1, 2022, and if your church isn't in compliance, you must begin NOW!

Nevertheless, the impact on churches and ministries that serve children under age 18 is real and creates a genuine issue of strict compliance with the letter of the law. This is not an idle threat . . . the consequences of failure to comply are severe. It can result in criminal prosecutions of “mandated reporters” who fail to report any known or suspected incident of child abuse or neglect – a topic far broader than child sexual abuse. It will eventually lead to the loss of General Liability insurance when insurance companies ask for verification of compliance with all aspects of the new “Standard of Care” vaguely outlined in AB 506, which includes Live Scan fingerprinting of all employees and most child-facing volunteers, documented training of mandated reporters, staff, and volunteers, adopting specific sets of policies & procedures for children’s programs, youth programs, sports programs, AWANA, music camps, and more (each of these programs share some common elements, but each is distinctly different as well, and each will require separately tailored policies & procedures), and documentation that the policies & procedures have been implemented and are being monitored.

To this end, there is some very good and very poor advice being offered to churches and ministries. Church & Ministry Compliance Consulting wants to provide your organization with the best possible advice, and is partnered with the MinistrySafe organization to do just that . . . our association goes back to the Spring of 2017 when we first met founder Gregory Love in Dallas at the GuideStone Employee Benefits Summit. The acknowledged experts in child sexual abuse, child safety systems, and abuse awareness and prevention training for employees and volunteers, MinistrySafe endeavors to provide the most accurate information available. Many of the resources on this page are provided courtesy of the MinistrySafe organization.

Learn more about the founding and mission of MinistrySafe

The steps to compliance with AB 506

Enhance your AB 506 compliance with training from MinistrySafe . . .

Download a whole packet of AB 506 resources . . . just click on this button!

Contact us for details on getting an independent review of your church's Policies & Procedures

Interested in a complimentary first-year membership in the MinistrySafe program? It's a $250 value!

Check out our Compliance Fire Drill page for more information

Jump to the Compliance Fire Drill page for more information on how to receive a complimentary first-year membership in the MinistrySafe Child Safety System

1. Register as a "Youth Services Organization"Your church or ministry must file an application with the California Department of Justice ("DOJ") and receive its own "ORI" number. The ORI number identifies your church as the organization which is submitting the Live Scan background check request and will direct the results to your "Custodian of Records" ("COR"). You can download a copy of the application by clicking the button to the right. We've also created a sample to show you what a filled-in application might look like. There is a $79 application fee that must be paid to the DOJ with the application.

This is a two-step process that is taking several weeks to complete due to the hundreds of applications being submitted. Once the application has been approved, the Custodian of Records must submit his or her fingerprints for a California and FBI background check, using the DOJ's ORI number as the submitter. There is a $79 fee for this background check, plus the "rolling fee" paid to a Live Scan vendor, which can range from under $10 to more than $25. The DOJ maintains a current list of authorized vendors by county which is accessible here: (HINT: scroll to the bottom of the page!)

2. While you're waiting for your ORI number

A. In the next four to eight weeks, your church needs to get busy with all other aspects of compliance with AB 506. You'll need to appoint the COR, who should NOT be the pastor of the church, and you'll need a "secure" email server kept under lock-and-key which is only accessible by the COR. This should be a computer separate from any other computer at your church in order to maintain the strict confidentiality required. You should also obtain a "secure" email address dedicated solely to receiving DOJ findings and communicating with the DOJ. It should not be a "gmail," "yahoo," or similar type of email address. We recommend obtaining a free email account from Protonmail. It is secure and private.

B. Your employees and child-facing volunteers must receive training in recognizing and reporting Child Abuse & Neglect. Those persons who are "mandated reporters" must take a four-hour training course. Mandated reporters include clergy, HR administrators, children's and youth program leaders, and volunteers who will have supervisory authority over other volunteers and children. Ministers, including your children's and youth program leaders, should also take the additional clergy-specific course. Non-mandated reporters need to take the two-hour course. Links to these no-cost courses are available at

Churches enrolled in the MinistrySafe organization have an advantage when it comes to providing their volunteers with training that goes above and beyond the requirements of AB 506 by combining additional training in Child Sexual Abuse Awareness and Prevention in a single course that takes under two hours. And yet another value-added benefit of using MinistrySafe's training is a complete and permanent record of who has been assigned training, who has completed training or not, and reminders two years down the road that it's time to assign retraining.

View the rest of the MinistrySafe Child Safety Workshop videos below

C. Your Policies & Procedures need to be written, independently reviewed, and distributed to each of your employees and child-facing volunteers. You should conduct information sessions for employees and volunteers to go over each of the policies, what they mean, and how they are going to be implemented and monitored. These are all elements of the new "Standard of Care" prescribed by AB 506.

You should create a list of your mandated reporters, complete with cell phone numbers, email addresses, and alternate phone numbers, and distribute it to all employees and volunteers so that everyone knows who they may call when necessary. A proper "chain of command" will keep things orderly. If something needs to be reported, it should happen ASAP!

3. Live Scan Fingerprinting

While you're waiting for your ORI number, you should locate and make arrangements with a Live Scan vendor to "roll" all of your employees and volunteers. You should be able to negotiate a discounted fee for this service. If you can locate a "mobile" vendor, it will make things most convenient for everyone to have the vendor come to the church for a few hours (or longer) to roll everyone's fingerprints at one time – plan on about 6–8 minutes per person (your vendor will tell you what to expect). Setting appointments and having the COR check the completed Live Scan request forms for accuracy in advance can make things go much smoother for all.

Because your church is a nonprofit corporation, there will be no fees charged by the DOJ for the Live Scan background check in compliance with AB 506. The COR should begin receiving results within 24-72 hours in most cases. Occasionally, it may take a bit longer. Your Policies & Procedures should detail what the COR's responsibilities are and what the next steps are in the event a "red flag" were to pop up.